Volume 3, Number 2, 2017 Pages Jordan Journal of Electrical Engineering ISSN (Print): , ISSN (Online):

Similar documents
A Block Cipher Using Linear Congruences

7. Modern Techniques. Data Encryption Standard (DES)

DIFFERENTIAL CRYPTANALYSIS FOR A 3-ROUND SPN

DISTRIBUTION LAW Okunev I.V.

Run-length & Entropy Coding. Redundancy Removal. Sampling. Quantization. Perform inverse operations at the receiver EEE

The multiplicative structure of finite field and a construction of LRC

On Cryptographic Properties of Random Boolean Functions

Discrete-Time Systems, LTI Systems, and Discrete-Time Convolution

Algorithm of Superposition of Boolean Functions Given with Truth Vectors

A statistical method to determine sample size to estimate characteristic value of soil parameters

LINEAR REGRESSION ANALYSIS. MODULE IX Lecture Multicollinearity

62. Power series Definition 16. (Power series) Given a sequence {c n }, the series. c n x n = c 0 + c 1 x + c 2 x 2 + c 3 x 3 +

Module 5 EMBEDDED WAVELET CODING. Version 2 ECE IIT, Kharagpur

Problem Set 2 Solutions

11 Correlation and Regression

CS284A: Representations and Algorithms in Molecular Biology

The target reliability and design working life

Geometry of LS. LECTURE 3 GEOMETRY OF LS, PROPERTIES OF σ 2, PARTITIONED REGRESSION, GOODNESS OF FIT

Oblivious Transfer using Elliptic Curves

Algebra of Least Squares

THE ASYMPTOTIC COMPLEXITY OF MATRIX REDUCTION OVER FINITE FIELDS

10-701/ Machine Learning Mid-term Exam Solution

1 Inferential Methods for Correlation and Regression Analysis

DES-LIKE CIPHERS, DIFFERENTIAL ATTACKS AND APN FUNCTIONS

Lecture 19: Convergence

Apply change-of-basis formula to rewrite x as a linear combination of eigenvectors v j.

Chapter Vectors

Frequency Domain Filtering

PAijpam.eu ON TENSOR PRODUCT DECOMPOSITION

Warped, Chirp Z-Transform: Radar Signal Processing

Determinants of order 2 and 3 were defined in Chapter 2 by the formulae (5.1)

Filter banks. Separately, the lowpass and highpass filters are not invertible. removes the highest frequency 1/ 2and

Chaos-Based Image Encryption Using an Improved Quadratic Chaotic Map

Olli Simula T / Chapter 1 3. Olli Simula T / Chapter 1 5

Simon Blackburn. Sean Murphy. Jacques Stern. Laboratoire d'informatique, Ecole Normale Superieure, Abstract

The Random Walk For Dummies

OBJECTIVES. Chapter 1 INTRODUCTION TO INSTRUMENTATION FUNCTION AND ADVANTAGES INTRODUCTION. At the end of this chapter, students should be able to:

CEE 522 Autumn Uncertainty Concepts for Geotechnical Engineering

Optimum LMSE Discrete Transform

Probability, Expectation Value and Uncertainty

CALCULATION OF FIBONACCI VECTORS

End-of-Year Contest. ERHS Math Club. May 5, 2009

Design and Analysis of Algorithms

6.867 Machine learning, lecture 7 (Jaakkola) 1

FIR Filter Design: Part II

On Random Line Segments in the Unit Square

Statistical Properties of the Square Map Modulo a Power of Two

Lecture 12: November 13, 2018


a for a 1 1 matrix. a b a b 2 2 matrix: We define det ad bc 3 3 matrix: We define a a a a a a a a a a a a a a a a a a

15.083J/6.859J Integer Optimization. Lecture 3: Methods to enhance formulations

Optimally Sparse SVMs

6.003 Homework #3 Solutions

Research Article Health Monitoring for a Structure Using Its Nonstationary Vibration

Best Optimal Stable Matching

Chapter 2 The Solution of Numerical Algebraic and Transcendental Equations

A Note on the Symmetric Powers of the Standard Representation of S n

CS / MCS 401 Homework 3 grader solutions

Evapotranspiration Estimation Using Support Vector Machines and Hargreaves-Samani Equation for St. Johns, FL, USA

Research Article Some E-J Generalized Hausdorff Matrices Not of Type M

Roger Apéry's proof that zeta(3) is irrational

1 Hash tables. 1.1 Implementation

The Choquet Integral with Respect to Fuzzy-Valued Set Functions

Lecture 11: Pseudorandom functions

Chapter 9: Numerical Differentiation

ADVANCED SOFTWARE ENGINEERING

Complex Stochastic Boolean Systems: Generating and Counting the Binary n-tuples Intrinsically Less or Greater than u

Invariability of Remainder Based Reversible Watermarking

ECE-S352 Introduction to Digital Signal Processing Lecture 3A Direct Solution of Difference Equations

The Growth of Functions. Theoretical Supplement

Mathematical Methods for Physics and Engineering

Topic 9: Sampling Distributions of Estimators

Sequences, Mathematical Induction, and Recursion. CSE 2353 Discrete Computational Structures Spring 2018

Similarity Solutions to Unsteady Pseudoplastic. Flow Near a Moving Wall

Finally, we show how to determine the moments of an impulse response based on the example of the dispersion model.

w (1) ˆx w (1) x (1) /ρ and w (2) ˆx w (2) x (2) /ρ.

1 Summary: Binary and Logic

Modified Logistic Maps for Cryptographic Application

It is always the case that unions, intersections, complements, and set differences are preserved by the inverse image of a function.

Algorithm Analysis. Chapter 3

Soo King Lim Figure 1: Figure 2: Figure 3: Figure 4: Figure 5: Figure 6: Figure 7:

EE260: Digital Design, Spring n Binary Addition. n Complement forms. n Subtraction. n Multiplication. n Inputs: A 0, B 0. n Boolean equations:

EE260: Digital Design, Spring n MUX Gate n Rudimentary functions n Binary Decoders. n Binary Encoders n Priority Encoders

Skip lists: A randomized dictionary

An Introduction to Randomized Algorithms

Chapter 9 - CD companion 1. A Generic Implementation; The Common-Merge Amplifier. 1 τ is. ω ch. τ io

1 Review of Probability & Statistics

FACULTY OF MATHEMATICAL STUDIES MATHEMATICS FOR PART I ENGINEERING. Lectures

Riesz-Fischer Sequences and Lower Frame Bounds

Linear Regression Models

The picture in figure 1.1 helps us to see that the area represents the distance traveled. Figure 1: Area represents distance travelled

ANALYSIS OF EXPERIMENTAL ERRORS

Lecture 8: Solving the Heat, Laplace and Wave equations using finite difference methods

a for a 1 1 matrix. a b a b 2 2 matrix: We define det ad bc 3 3 matrix: We define a a a a a a a a a a a a a a a a a a

Research Article A Unified Weight Formula for Calculating the Sample Variance from Weighted Successive Differences

2D DSP Basics: 2D Systems

Sensitivity Analysis of Daubechies 4 Wavelet Coefficients for Reduction of Reconstructed Image Error

Chimica Inorganica 3

FFTs in Graphics and Vision. The Fast Fourier Transform

CHAPTER 4 BIVARIATE DISTRIBUTION EXTENSION

Transcription:

JJEE Volume 3, Number, 07 Pages 50-58 Jorda Joural of Electrical Egieerig ISSN (Prit: 409-9600, ISSN (Olie: 409-969 Liftig Based S-Box for Scalable Bloc Cipher Desig Based o Filter Bas Saleh S. Saraireh Departmet of Commuicatio ad Electroics Egieerig, Philadelphia Uiversity, Amma, Jorda e-mail: ssaraireh@philadelphia.edu.o Received: Jauary 30, 07 Accepted: April 7, 07 Abstract The security of data exchage is cosidered a sigificat problem. It requires the use of various cryptographic algorithms, such as stream cipher ad bloc cipher. The implemetatio of a secure cryptographic bloc cipher algorithm requires the geeratio of strog substitutio ad permutatio layers. These layers should satisfy the priciples of security (diffusio ad cofusio. The proposed liftig scheme substitutio box (s-box, which ca be used to implemet the substitutio layer i a filter ba bloc cipher structure to support the scalability ad security of the cipher. The cryptographic properties of the proposed s-box are studied, evaluated ad compared with Ridael s-box for the avalache criteria, strict avalache criterio (SAC, bit idepedet criterio (BIC, XOR table distributio, ad liear approximatio table (LAT. The results obtaied cofirm the security ad scalability of the proposed s-box. Keywords Avalache, Bloc cipher, Cryptography, Filter ba, Liftig, S-Box, Scalability. I. INTRODUCTION A Novel scalable bloc cipher structure based o filter bas over a fiite field was proposed by the authors i []. The substitutio layer combies the aalysis filter ba ad ovel liftig scheme s-box to address the scalability limitatios i existig bloc ciphers [] without icreasig complexity. This is achieved by exploitig the scalability ad high diffusio properties of the filter ba structures; the scalable cofusio via a udicious liftig scheme [] eables the security versus complexity versus performace trade-off to be made for a particular applicatio. Such trade-off is becomig icreasigly importat i emergig commuicatios systems. The liftig scheme beig reversible by structure reduces the boudary existece; also, predictio ad update liftig steps ca be either liear or oliear based o the applicatio. Hece, it allows oliearity to be itroduced i a regular, extedable ad simple form. These advatages of the liftig scheme mae it suitable to implemet a strog scalable s-box. To examie the stregth of the s-box, it is ecessary to study its cryptographic properties. I [3], parity chec bits were embedded i the output of the s-box of the modified DES cipher; the embedded process was applied to icrease the resistat of the cipher agaist liear cryptaalysis. The obtaied results showed that the embedded process did ot ehace the security of the modified DES cipher. The security of the modified DES cipher s-box was examied i [4]; each s-box of the modified DES was precoded separately ito eve weight codes of legth 4. The results were compared with the origial DES usig the same umber of rouds. I [5], the security of the s-boxes for RIJNDAEL, Expoetiatio K Safer-64 ad Logarithm K Safer-64 were evaluated. The evaluatio process used differet criteria, such as avalache, strict avalache ad bit idepedece. The results showed the domiace of the Ridael over the others. The s-boxes of AES, MARS, Sipac, Serpet ad Twofish ciphers were aalyzed based o two layers, amely, white box layer ad blac box layer [6]. The outcome Correspodig author's e-mail: ssaraireh@philadelphia.edu.o

07 Jorda Joural of Electrical Egieerig. All rights reserved - Volume 3, Number 5 of the aalysis showed that AES s-box is the most secure amog all s-boxes followed by MARS s-box ad Sipac s-box, respectively. I this paper, the diffusio ad cofusio properties of the proposed s-box are aalyzed i terms of the avalache, strict avalache, ad bit idepedet criteria for the diffusio aspects. Cofusio aspects are aalyzed i terms of the XOR table distributio ad liear approximatio table. It is show that the proposed s-box satisfies the cryptographic security properties above. The liftig scheme s-box is show i Fig.. Note that the symbol S i Fig. is deotig the iverse fuctio with affie trasform over GF(8, which is a oliear fuctio. The liftig scheme over GF(8 as show i Fig. ca be represeted mathematically by the followig equatios: a a y y x ( x S( a ( a S( a a S( x S( y ( ( (3 (4 where is a exclusive or (XOR operatio. The liftig scheme is used i the ecryptio side. Thus, it is ecessary to satisfy perfect recostructio i the decryptio side. This ca be carried out by a perfect recostructio liftig scheme, which eeds a small process arragemet as show i Fig.. The recostructio show i Fig. ca be represeted mathematically as follows: b y y b x y S( S( b b S( b x b S( x (5 (6 (7 (8 Fig.. Liftig scheme Fig.. Perfect recostructio liftig scheme

5 07 Jorda Joural of Electrical Egieerig. All rights reserved - Volume 3, Number II. BACKGROUND A. Avalache Criteria Avalache criterio was defied by Feistel [7]. It is cosidered oe of the most importat cryptographic properties of s-box. It is ecessary to certify that a small chage betwee two plaitexts gives a radom differece (avalache chage betwee two correspodig cipher texts. I order to satisfy avalache criteria, flippig a sigle bit of the iput value will result i half of the output bit values chage. For a cryptographic fuctio f x : Z Z plaitexts P ad P i be differet oly i bit i Pi P e (, there are differet iputs. Suppose that ( i, where e i is a vector with -bits ad a i positio i [8], the the outputs of P ad P i are f (P ad f ( P i ; the differece vector e i D is called the avalache vector which ca be computed as i (9. Its elemets are called the avalache variables [5]: e D i e e e e e f ( p f ( p [ i, d i, d i,......, d i ], d i i d Z 3 (9 The overall chage of the th avalache variable over the whole iput size ca be doe by taig ito accout all iput pairs P ad Pi which differ i the i th bit [5]: e i W ( d d PZ ei The cryptographic fuctio is said to satisfy the avalache criterio if for all i,,..., [5]: (0 AVAL ( i W ( a ei ( Normally, the AVAL (i taes values i the rage [0, ]. Accordig to (, AVAL (i is the calculatio of the probability of chage of the overall output bits whe oly the i th bit i the iput is altered. If AVAL (i is very close to oe half, the cryptographic fuctio satisfies the avalache criterio; otherwise it does ot. B. Strict Avalache Criterio (SAC Completeess ad avalache were oied ito a strict avalache criterio (SAC by Webster ad Tavares [9]. A cryptographic fuctio ad,,..., f x : Z Z ( satisfies SAC if for all i,,..., ; iput bit i chages output bit with a probability of exactly 0.5. I such a case, it is ecessary to separately satisfy each term of the summatio of (. This meas that for each i ad to satisfy, SAC should satisfy the followig equatio [5]: W ( a e i ( The SAC parameter ( SAC ( i, ca be defied as follows [5]:

07 Jorda Joural of Electrical Egieerig. All rights reserved - Volume 3, Number 53 SAC ei ( i, W ( a (3 It should be oted that SAC (i taes the values i the rage [0, ]; ad is cosidered as the calculatio of the probability of chage of the th output bit oce the i th bit i the iput is altered. The cryptographic fuctio satisfies the strict avalache criterio, if SAC (i is very close to 0.5; otherwise it does ot. If a cryptographic fuctio satisfies the SAC, the it also satisfies the completeess ad avalache criterio. However, if the cryptographic fuctio satisfies the completeess ad the avalache criterio, it does ot mea it should satisfy the SAC. C. Bit Idepedet Criterio (BIC Bit idepedet criterio was defied by Webster ad Tavares [9]. A cryptographic fuctio f x : Z Z ( satisfies bit idepedet criterio if for all i,,,,..., with ; chagig the iput bit i maes the output bits ad chage idepedetly [7]. I order to determie the bit idepedet criterio of a cryptographic fuctio, it eeds to calculate the correlatio coefficiet betwee the th ad th compoets of the avalache vector. The bit idepedece parameter is related to the result of chagig the iput bit i to the output bits ad of the avalache vector. It ca be calculated mathematically by [7]: BIC ei ( d, d max corr ( d i, d (4 The the BIC ca be calculated as follows [7]: BIC ( f max i,,, BIC ( d, d (5 The BIC taes a value i the rage [0, ]; the best value of BIC is equal to 0. While avalache variables are idepedet, BIC is i the worst case. The avalache variables are correlated. D. XOR Table Distributio I order to ivestigate the security of the bloc cipher agaist differetial cryptaalysis, which exploits the high values of the XOR table of s-boxes used by a bloc cipher, it is essetial to determie the XOR table distributio (differece distributio table of the s-box. The values i the XOR table should be as small as possible to avoid differetial cryptaalysis. The dimesio of the XOR table of a colums idices 0,,,..., s-box is a matrix [0], with rows ad. I order to implemet the XOR table distributio, assume that the iput vector is P ad chaged by P ; the the output differece is C ad give by: C f ( P f ( P P (6 where P Z ad m C Z. Now the XOR table distributio is give by [5]: XOR f ( P, C # { P f ( P f ( P P C } (7

54 07 Jorda Joural of Electrical Egieerig. All rights reserved - Volume 3, Number The etries of the XOR table always tae a eve value; the sum of all values i the row equals. I order to desig a secure ad strog bloc cipher, it is ecessary to have a secure s-box that satisfies the cofusio property, ad has small etries i its XOR table distributio. E. Liear Approximatio Table (LAT I order to evaluate the security of the bloc cipher agaist liear cryptaalysis, it is ecessary to determie the liear approximatio table which gives iformatio about the security of the s-box agaist liear cryptaalysis. Therefore, it is cosidered as a measure of resistace for the s-boxes agaist liear cryptaalysis. To avoid liear cryptaalysis, the values of the liear approximatio table should be as small as possible [4]. The dimesios of the liear approximatio table are the same as the XOR table distributio. It is matrix for a s-box; ad its rows ad colums idices are 0,,,..., To implemet the liear approximatio table, it is assumed that X is a iput of a s-box (S; Y is the output of the s-box Y S(X ; ad the liear approximatio table has its etry sittig at the X ' th row ad the Y' th colum, defied as [4]:. LAT ( X ', Y' #{ X Y' S( X X ' X} (8 where ( idicates the scalar or products of the vectors X ad X '. Basically, liear cryptaalysis exploits wea elemets of the liear approximatio table, whereas differetial cryptaalysis exploits the wea compoets of the XOR distributio table. For both tables, the wea elemet is the highest magitude elemet i the correspodig table. III. SIMULATION RESULTS AND DISCUSSION A. Avalache Criterio Geerally, if s-box ( is ot matched exactly, there will be some margial error, which is called a relative error iterval. This error should be very small ad the value of AVAL (i should be very close to 0.5; otherwise, the s-box does ot satisfy the avalache criteria. Cosequetly, the diffusio property is ot satisfied. The avalache criterio withi a error rage for all i is defied as follows [5]: ( i AVAL (9 The overall relative absolute error of s-box is calculated by [5]: AVAL AVAL max i AVAL ( i (0 For the proposed liftig s-box, the avalache criterio i ( is evaluated ad foud; ad the maximum relative absolute error is obtaied usig (0, where its value is 0.0083 compared with 0.035 for the s-box of Ridael [5]. Fig. 3 depicts the relative absolute error correspodig to the bit positio of the avalache vector for liftig scheme s-box.

07 Jorda Joural of Electrical Egieerig. All rights reserved - Volume 3, Number 55 Fig. 3. Relative absolute error versus bit positio of the avalache liftig scheme s-box B. Strict Avalache Criterio (SAC As metioed earlier, the satisfactio of completeess ad avalache criterio does ot mea there will be satisfactio of strict avalache criterio, but the reverse is true. Therefore, it is ecessary to ru the strict avalache criterio test to ivestigate the diffusio of the proposed liftig scheme s-boxes. The strict avalache criterio is cosidered a special case of the avalache criterio, as represeted i (. Thus, the error margi for the strict avalache criterio is more tha the error margi for the avalache criterio. Normally, the strict avalache criterio does ot satisfy (3 with exactly oe half, but there is some error margi. However, this error margi should be very small. The relative absolute error of the strict avalache criterio ( SAC is defied as follows [5]: SAC max i, SAC ( i, ( By applyig (3 ad (, the maximum relative absolute error of SAC for the liftig scheme s-box is foud to be 0.039, while it is 0.50 for Ridael [5]. The result deotes that the liftig scheme s-box satisfies both the SAC with a very small error margi ad the diffusio property. Fig. 4 shows 6 curves correspodig to iput differeces e, e, e3, e6. Fig. 4. Relative absolute error for SAC versus bit positio of the avalache vector for liftig scheme s-box

56 07 Jorda Joural of Electrical Egieerig. All rights reserved - Volume 3, Number C. Bit Idepedet Criterio (BIC The calculatio of BIC is differet from the calculatios of the avalache criterio ad SAC. The calculatio of BIC is based o calculatio of (4 to fid BIC ( f for the s-box, which is cosidered the maximum correlatio value betwee ay two avalache values. Therefore, the relative absolute error ( BIC is defied as follows [5]: BIC BIC( f ( It is foud to be 0.004 compared with 0.34 for the s-box of Ridael [5]. Fig. 5 correspods to the maximum relative absolute error for BIC of the liftig scheme s-box accordig to the avalache bit positio. Table summarizes the maximum relative errors for the liftig s-box ad Ridael s-box. The relative error values obtaied for the liftig s-box are very small; reflectig the high diffusio rate that the proposed s-box exhibits. Also, the relative error values for the proposed s-box are very small compared with the relative error values for the s-box of Ridael. This meas that the proposed s-box has a higher diffusio rate; as a result, more security ca be exhibited. Fig. 5. Relative absolute error for BIC versus bit positio of the avalache vector for the liftig scheme s-box TABLE MAXIMUM RELATIVE ERROR FOR THE LIFTING SCHEME S-BOX AND RIJNDAEL S-BOX AVAL SAC BIC Liftig Ridael [5] Liftig Ridael [5] Liftig Ridael [5] 0.0083 0.035 0.039 0.50 0.004 0.34 D. XOR Table Distributio To ivestigate the cofusio of the proposed liftig scheme s-box, determiatio of the XOR table distributio is required sice the s-box is the oly oliear compoet of a bloc cipher. The XOR table distributio evaluates the security of the bloc cipher agaist differetial cryptaalysis; ad is cosidered the first step towards examiig the stregth of the bloc

07 Jorda Joural of Electrical Egieerig. All rights reserved - Volume 3, Number 57 cipher agaist differetial cryptaalysis. From the XOR table distributio, desigers ca decide if the iteded s-box is suitable for their bloc ciphers or ot. The dimesio of the XOR distributio table of the s-box depeds o its iput; its etries are calculated usig (7. It should be oted that for the liftig scheme s-boxes, the dimesio of 6 6 the XOR distributio table depeds o the umber of iput bits for each brach. It is i the case of a 6 6 liftig scheme s-box. All the etries of the XOR distributio table should be as small as possible because differetial attacs exploit large values i the XOR distributio table i order to brea the cipher. It should be oted that whe the iput XOR equals zero, the output XOR will be zero for all pairs. Because it is impossible to have ay ozero value, the etry of the XOR table will be 6 i the case of 6 6 s-box. Also, all the values i the table are eve values; ad the sum of each lie equals 6 6 6 whe the dimesio of the XOR distributio table is. This meas that the summatio of each lie i the XOR table distributio depeds o the size of its s-box. For the proposed liftig scheme s-box, the maximum value i its XOR distributio table is by applyig (7. This value is very low ideed compared to the s-box size (6x6, resultig i a very small maximum differetial probability. E. Liear Approximatio Table (LAT The other table to be produced to examie the cofusio property of the proposed s-box is the liear approximatio table. The liear approximatio table evaluates the security of a bloc cipher agaist liear cryptaalysis. As metioed earlier, desigers ca use the XOR table distributio to decide o use of suitable s-boxes to couter differetial cryptaalysis. The liear approximatio table ca, however, be used by cryptographers to decide o use of suitable s-boxes to couter liear cryptaalysis. The dimesios of the liear approximatio table deped o the size of the s-box ad it is 6 6 for 6 6 liftig scheme s-box. The etries of the liear approximatio table are calculated by usig (8, the etries should be as small as possible to avoid liear cryptaalysis. If the iput subset is X ' =0; ad the output subset is Y ' 0, the etry to LAT cotais 3768 for a 6 6 liftig scheme s-box. Etries are zeros for all other output subsets. The maximum value obtaied i the liear approximatio table ( LAT is 90. This value is very low compared to the s-box size (6x6, resultig i a very small maximum liear probability. Maximum values i the XOR table distributio ad the liear approximatio table are very small compared to the s-box size; therefore, the proposed liftig scheme satisfies the cofusio property. Cosequetly, it is immue to liear ad differetial cryptaalysis. max IV. CONCLUSIONS The cryptographic properties of the liftig scheme s-box were evaluated ad compared with Ridael s-box. The results showed that the liftig s-box is domiat over Ridael s-box. It is cosidered as a strog s-box as it obeys the avalache criterio, SAC ad BIC with very small margial error. The maximum values i the XOR table distributio ad the liear approximatio table are also very small values compared with the s-box size. Therefore, the liftig scheme s-box supports the security ad scalability of the scalable filter ba bloc cipher.

58 07 Jorda Joural of Electrical Egieerig. All rights reserved - Volume 3, Number REFERENCES [] S. Saraireh ad M. Beaissa, "A scalable bloc cipher desig usig filter bas ad liftig over fiite fields," Proceedigs of IEEE Iteratioal Coferece o Commuicatios, pp. -5, 009. [] J. Daeme ad V. Rime, "AES proposal: Ridael, AES algorithm submissio," Produced by NIST Computer Security Resource Ceter, pp. -45, 999, http://csrc.ist.gov/archive/aes/ ridael/ridael-ammeded.pdf [3] Y. Borissov, P. Boyvaleov, ad R. Tseov, "Liear cryptaalysis ad modified DES with embedded parity chec i the s-boxes," Cryptography ad Iformatio Security, Lecture Notes i Computer Sciece, vol. 6, o. 9540, pp. 60-78, 06. [4] Y. Borissov, P. Boyvaleov, ad R. Tseov, "O a liear cryptaalysis of a family of modified DES ciphers with eve weight s-boxes," Cyberetics ad Iformatio Techologies, vol. 6, o 4, pp. 3-, 06. [5] S. Kavut ad M. Yücel, "O some cryptographic properties of Ridael," Lecture Notes i Computer Sciece: Iformatio Assurace i Computer Networs, Methods, Models ad Architectures for Networ Security, vol. 0, o. 05, pp. 300-3, 00. [6] A. Ahmad ad M. Farooq, "S-box scope: a meta s-box stregth evaluatio framewor for heterogeeous cofusio boxes," Proceedigs of Hawaii Iteratioal Coferece o System Scieces, pp 5545-5553, 06. [7] I. Vergili ad D. Mele, "Avalache ad bit idepedece properties for the esembles of radomly chose x s-boxes," Turish Joural of Electrical Egieerig ad Computer Scieces, vol. 9, o., pp. 37-45, 00. [8] K. Kim, T. Matsumoto, ad H. Imai, "A recursive costructio method of s-boxes satisfyig strict avalache criterio," Advaces i Cryptology, Lecture Notes i Computer Sciece, vol. 90, o. 537, pp. 545-553, 990. [9] A. Webster ad S. Tavares, "O the desig of s-boxes," Advaces i Cryptology, vol. 85, o. 8, pp. 53-534, 986. [0] E. Biham ad A. Shamir, "Differetial cryptaalysis of DES-lie cryptosystems," Joural. of Cryptology, vol. 4, o., pp. 3-7, 99.

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback